Slackware: bitchx multiple vulnerabilities
Posted by LinuxSecurity.com Team   
Slackware Timo Sirainen discovered several overflow problems in BitchX.

[slackware-security]  BitchX security fixes (SSA:2003-141-02)

New BitchX packages are available to fix security problems found
by Timo Sirainen.  BitchX is an IRC (Internet Relay Chat) client.
Under certain circumstances, a malicious IRC server could cause
BitchX to crash, or possibly to run arbitrary code as the user
running BitchX.

All sites running BitchX are advised to upgrade.

More information on the problem can be found here:

Here are the details from the Slackware 9.0 ChangeLog:
+--------------------------+
Tue May 20 20:13:09 PDT 2003
patches/packages/bitchx-1.0c19-i386-3.tgz:  Patched several potential "evil
  server" security problems noted by Timo Sirainen.
  (* Security fix *)
+--------------------------+



WHERE TO FIND THE NEW PACKAGES:
+-----------------------------+

Updated package for Slackware 8.1: 
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/bitchx-1.0c19-i386-3.tgz

Updated package for Slackware 9.0: 
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/bitchx-1.0c19-i386-3.tgz



MD5 SIGNATURES:
+-------------+

Slackware 8.1 package:
ed9affc29424472b5f442e6182be92ec  bitchx-1.0c19-i386-3.tgz

Slackware 9.0 package:
2e2158987c031115a4b1d5cc9741e033  bitchx-1.0c19-i386-3.tgz



INSTALLATION INSTRUCTIONS:
+------------------------+

Upgrade using upgradepkg (as root):

upgradepkg bitchx-1.0c19-i386-3.tgz


+-----+

Slackware Linux Security Team 
http://slackware.com/gpg-key
security@slackware.com